Getting everything out of your security headers

When you have installed Really Simple SSL pro, you will get a bunch of new options. Users sometimes ask: “Which headers should I enable, and why isn’t it all enabled by default?” We’ll start auto-enabling these as much as possible as of the next version, but this is not always possible. For example, Content Security Policy is something that has to be configured cautiously. We have made this as easy as possible by handling the detection of possible issues automatically, but in the end you need to decide whether a URL should be allowed or not.

In this security headers article, we’ve discussed each header and given it a “recommended” or “advanced” flag. If you’re not very experienced, you can still enable these without having to configure a lot of settings. Just enable the switch and you’re done!

  • X-Content-Type-Options
  • X-XSS-Protection
  • X-Frame-Options
  • Expect-CT, Certificate Transparency
  • No Referrer When Downgrade header
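
To confirm that the switches took effect, you can check a response for the five headers in the list above. The Python script below is an added example, not code from Really Simple SSL; the sample response is constructed, and the expected values are common settings assumed for illustration (the "No Referrer When Downgrade" entry is checked as `Referrer-Policy: no-referrer-when-downgrade`).

```python
import re
# Constructed sample response headers (not captured from a real site).
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: ALLOWALL
Expect-CT: max-age=0
"""

def _expect_ct_ok(value):
    # max-age=0 tells the browser to forget the policy, so treat it as not set.
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) > 0

# Expected values are assumptions for this example, not the plugin's output.
CHECKS = {
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-xss-protection": lambda v: v.replace(" ", "").lower() in ("1", "1;mode=block"),
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "expect-ct": _expect_ct_ok,
    "referrer-policy": lambda v: v.lower() == "no-referrer-when-downgrade",
}

def parse_headers(raw):
    """Return {lowercased-name: value}; a repeated header keeps the last value."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Map each expected header to 'ok', 'missing' or 'unexpected value'."""
    headers = parse_headers(raw)
    result = {}
    for name, is_valid in CHECKS.items():
        if name not in headers:
            result[name] = "missing"
        else:
            result[name] = "ok" if is_valid(headers[name]) else "unexpected value"
    return result

if __name__ == "__main__":
    print("\n".join(f"{k:24} {v}" for k, v in audit(SAMPLE).items()))
```

To check your own site, paste the header block from your browser's developer tools or from `curl -sI` in place of `SAMPLE`.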
